PDA

View Full Version : Change Packets Blocked by SAM from Reject to Drop



roadrunner
2005-08-13, 16:06
Change Packets Blocked by SAM from Reject to Drop
Connections or packets dropped with 'fw sam' or 'block intruder' appear to reject the packets instead of drop. This can be viewed as a bad thing, as it gives information, specifically yes I am a firewall and I am now blocking you.

If you get right down to it, it should "vanish" the packets. Vanish makes sure the TCP renegotiation mechanism never occurs.

The code responsible for this is in $FWDIR/lib/code.def on the management station (at least in 4.1). You'll see the following in the code:

/*
* SAM code
* Check the sam table for ipaddrs which are temporarily blocked -
* such connections will not be allowed to reach the rulebase code.
*/
followed by a bunch of #define and define statements. Then you will see:
reject (
...
);
The [...] will contain a bunch of refences to SAM functions. Simply change the "reject" to "drop" or "vanish" and reload your policy.
-- PhoneBoy - 11 Jan 2004


FAQForm
FAQs.Class: MiscellaneousFAQs
FAQs.OS:
FAQs.Version: